Mary Kay Henry, president of the Service Employees International Union, which backs the Fight for $15, told Fortune that child care workers protesting alongside fast-food workers illustrates a dual crisis: underpaid working parents are struggling to pay for child care and those who care for others’ children are struggling to take care of their own.

“If you look back over the last 25 years, we’ve learned so much about early childhood development. We have a 21st century set of expectations [about childhood development], but in many ways we still have a 20th century view of work and pay structure [for child care workers],” says Marcy Whitebook, director of the Center for the Study of Child Care Employment at the University of California, Berkeley. “There’s a gap between the expectations and promise of early childhood and the way we think about the people who do the work.”

That gap is putting the quality of child care at risk. Research points to wages as a key factor in the retention of high-qualified teachers, which, in turn, is the best predictor of whether a child care center maintains quality over time.

Low wages inflict additional harm on the individuals who are providing the care.

Corrine Hall, a 53-year-old from Raleigh, North Carolina who has worked in child care for 30 years, told Fortune she currently earns $8.25 per hour serving as a substitute caregiver at various child care centers. She was laid off from a full-time job two years ago. In the three decades she has worked in the field, she’s never earned more than $13 per hour. Her low wages forced her to use food stamps earlier in her career as she cared for two daughters by herself. She has little savings for retirement. “I don’t have anything to fall back on. Hopefully social security will be around. Other than that and my family, that’s pretty much all I have,” she says.

Hall is far from alone in her reliance on public assistance. In 2012, 46% of child care workers—versus 25% of the nationwide total workforce—was a member of a family enrolled in at least one of four public support programs: the Federal Earned Income Tax Credit, Medicaid and the Children’s Health Insurance Program, the Supplemental Nutrition Assistance Program, and Temporary Assistance for Needy Families, according to a 2014 study by the Berkeley Center.

Underlying the wage issue is the high cost of child care itself, which makes industry workers’ poor pay all the more surprising. For parents, full-time infant care costs—on average—between $4,560 and $16,549 per year, depending on the state and child care center setting. For a four-year-old, it ranges from $4,039 to $12,320. The Berkeley Center’s analysis shows that there’s been a two-fold increase in the cost to parents for early childhood services since 1997. At the same time, child care workers have experienced no increase in real earnings, even as payroll and related expenses make up 80% of the cost of a child care program.

Where is the increased cost of child care going, if not to workers? Deborah Phillips, a professor of developmental and child psychology at Georgetown University who worked on the 2014 Berkeley study, put it bluntly: “We have no idea.”

Phillips surmises that the increased expense could be related to the growth of for-profit childcare centers.

Meanwhile, Rachel Demma, policy director at the Early Care and Education Consortium, which represents child care centers, says most for-profit providers make very little profit and, like their non-profit counterparts, spend the lion’s share of their revenue on staffing expenses. She said the growing cost of child care could be due to fluctuations in state reimbursement rates to providers that serve needy families. M-A Lucas, director of the Consortium, points to stricter caregiver-to-child ratios and the increased prevalence of labor-intensive infant care as two potential reasons for the skyrocketing costs and stagnant worker pay.

The answer to a second question may be just as hard to pin down: who will pay for child care workers’ higher wages?

There’s little disagreement that parents are already paying enough. Lucas says she’s concerned about the wages of the child care workforce, but her organization’s stance is to “advocate for policies that won’t shift the burden of increased program costs to families.”

Whitebook from the Berkeley Center says early childhood education should be a public good. “Like public education, not everyone has to use it, but it should be there.”

How much do data breaches cost big companies? Shockingly little

In the last two years, Fortune 500 companies from Sony to Target to Anthem have experienced major data breaches. Executives have lost their jobs, tens of millions of consumers have had their credit card and other personal data compromised, and corporations have frantically tried to contain the damage. Just last week, Target agreed to pay $10 million in a proposed settlement of a class-action lawsuit related to a huge 2013 data breach.

But for all the panicky headlines, the boardroom anxiety, and the general cyber security doom-and-gloom, one important—if counterintuitive—question seems to have been overlooked: How much does hacking really cost big companies?

If you dig into the financial performance results of companies hit by some of the world’s most notorious, disclosed data breaches, a disturbing fact will strike you: They don’t seem to cost all that much.

That is the stunning conclusion of an analysis by Benjamin Dean, a fellow at Columbia University’s School of International and Public Affairs. Dean—who also has a background in accounting—pored over 10-K filings for Sony SNE, Home Depot HD, and Target TGT, after their recent, well-publicized security breaches. Keeping an eye out for breach-related expenses in these companies’ quarterly financial reports, Dean discovered that the actual expenses reported by these companies amounted to less than 1% of each company’s annual revenues.

“After reimbursement from insurance and minus tax deductions, the losses are even less,” Dean writes on The Conversation, where his post initially appeared.

A close look at Sony

Sony’s November 2014 hacking led to the disclosure of unreleased movies, embarrassing internal emails, and personal data—including Social Security numbers—of 47,000 celebrities and employees. (It was so traumatic and disruptive to the company that it delayed its 10-K filing.)

Still, Sony estimates its breach’s financial impact has been just $15 million to date “in investigation and remediation costs.” That’s barely a blip on the radar.

“To give some scale to these losses,” Dean writes, “they represent from 0.9% to 2% of Sony’s total projected sales for 2014 and a fraction of the initial estimates.”

Dean notes that Sony, in total, anticipates spending $35 million “restoring financial and IT systems” for the full fiscal year. Further writing off the breach’s monetary ramifications, the company forecasts: “Sony believes that the impact of the cyberattack on its consolidated results for the fiscal year ending March 31, 2015 will not be material.” Translation: <Shrug>.

These numbers are likely not small enough to vindicate Sony Pictures’ former executive director of information security. In 2007, he told CIO Magazine that “‘it’s a valid business decision to accept the risk’ of a security breach…I will not invest $10 million to avoid a possible $1 million loss.” But Dean’s analysis does come alarmingly close to making the minimal effort-stance a defensible position.

The Home Depot hacking also barely made a dent.

Last year’s Home Depot hacking led to crooks pocketing an estimated 50 million customers’ credit card numbers and email addresses, but this relevant bit from Home Depot’s most recent earning’s report shows it had a negligible impact:

In the third quarter of fiscal 2014, the Company recorded $43 million of pretax expenses related to the Data Breach, partially offset by a $15 million receivable for costs the Company believes are reimbursable and probable of recovery under its insurance coverage, for pretax net expenses of $28 million.

When you do the math, that $28 million “represents less than 0.01% of Home Depot’s sales for 2014,” Dean points out.

And what about Target?

Target’s hacking in late 2013 resulted in the theft of 40 million payment cards and 70 million other records, including customers’ email addresses and phone numbers. The security breach was considered so severe that the CEO felt compelled to resign.

The Company incurred breach-related expenses of $4 million in fourth quarter 2014 and full-year net expense of $145 million, which reflects $191 million of gross expense partially offset by the recognition of a $46 million insurance receivable. Fourth quarter and full-year 2013 net expense related to the data breach was $17 million, reflecting $61 million of gross expense partially offset by the recognition of a $44 million insurance receivable.

To sum the math up, Target’s gross expenses totaled $252 million, insurance compensation brought that down to $162 million, and further tax deductions yield a final $105 million. While larger than either Home Depot’s or Sony’s outlay, the final amount is not so wounding in the grand scheme of things.

“This is the equivalent of 0.1% of 2014 sales,” Dean notes.

“To the companies themselves, this seems like a rounding error,” he told Fortune on a call from Australia. “It’s certainly not a huge loss when compared to their annual revenues.”

To invest or not to invest in security

To be sure, this analysis has generated criticism. Matthew Rosenquist, an information security strategist at Intel INTC, argues Dean’s analysis has several problems. First, he notes Dean uses revenues rather than profits as the key metric. “It can make a lot of difference to management if an attack consumes a big chunk of your profit or worse, pushes you from the green into the red side of the ledger,” he writes on a company blog.

Rosenquist also stresses the hidden costs of a breach: rising insurance premiums, damage to third parties, sinking customer goodwill and trust. Most importantly, he writes, failing to invest in security is strategically myopic; without ensured stability, a business may as well be committing corporate suicide.

Dean acknowledges that over time consumer faith may erode, but he says, for now, “You can’t see losses and effects on the bottom line in terms of reputational damage.”

Actually, Rosenquist and Dean don’t differ greatly in their conclusions. “Regardless of the way we measure it, or whether we look forward or backward, we agree on the central point that companies need to invest in information security,” Dean told Fortune, responding to Rosenquist’s criticisms by email.

Turns out Dean is not an apologist for the willfully, digitally indisposed. He says he believes corporate networks need buttressing—even if data breaches don’t hurt companies’ bottom lines. Moreover, he believes the incentives for buttressing corporate networks need buttressing. And until corporations are held more accountable for these breaches—not with $10 million slaps-on-the-wrist—but with, well, he isn’t quiet sure what yet, companies won’t make the big investments in information security needed.

So, is security worth the investment? Here’s Dean’s take:

We need to get back to what the hard evidence says. What are the verified losses and impact, as opposed to speculation in some cases? It’s not quite fear-mongering. We need to ground our analysis in how big a problem this is. Once we’ve ascertained how big a problem it is, we can figure out what to do about it, and have an open and informed discussion. Right now that’s not happening. I’m not seeing hard evidence used to back up claims. If that discussion is happening, it’s not open.

While retailers should be commended for paying workers more, the pile-on has brought attention to a key group of low-wage employers that have been noticeably absent from the discussion. Traditional fast-food restaurants haven’t made a peep.

That’s not to say fast-food employers have been free of pressure from their workers and the public to bump up wages. The so-called Fight for 15 campaign has repeatedly hounded fast-food chains—most notably, McDonald’s—for their low pay, erratic hours, and most recently poor workplace safety.

While worker advocates will tell you there’s no excuse for the fast-food giants’ wage policies, a few facts help explain why retailers have been able to move faster on the issue.

“Generally speaking, if Target or Wal-Mart raises [wages] to $9 or $10, the labor cost increase that it entails is smaller than if McDonald’s or Burger King did the same,” says Arindrajit Dube, an associate professor of economics at University of Massachusetts Amherst. Those labor costs figures also mean that retailers can more easily pass wage increases along to customers if they wish, since worker pay represents a smaller portion of all goods sold.

In the competitive retail world, anything to make shoppers think you care more about them than the competition is a good move. Target is likely hoping that shoppers who know their own fickleness will choose it over rival retailers, knowing Target offers a long window to let shoppers change their minds.

Target boosts pay and Facebook is sued — 5 things to know today

Target TGT is dominating the news cycle after it announced plans to increase pay, the latest move by a major retailer to pay its employees more in both a sign of increasing competition for talent and (perhaps skeptically) a savvy move for some good PR. Facebook, meanwhile, has been hit with a lawsuit that alleges the company wrongfully terminated an employee after she complained about gender and racial discrimination. The company denies the allegations.

Target is planning to increase the starting salary of its workers to $9 an hour beginning next month, a move that comes after rival Wal-Mart WMT last month said it was spending $1 billion to increase hourly wages for its current U.S. store associates beginning in April. Those increases reflect a scarcer supply of workers and growing competition for them. Separately, Target has agreed to pay $10 million in a proposed settlement of a class-action lawsuit related to the massive 2013 data breach, court documents show.

2. Facebook sued for sex discrimination

A former employee of Facebook FB has sued the social-media giant, accusing it of gender and racial discrimination, as well as sexual harassment. Chia Hong, a former employee, said she suffered three years of harassment during stints as a program manager and technology partner. She also alleges she was wrongfully terminated in October 2013 after she complained about the harassment. Notably, the case was taken on by lawyers who are involved in another high-profile gender discrimination case between former venture capitalist Ellen Pao and Silicon Valley investment firm Kleiner Perkins Caufield & Byers. Facebook, says it has “substantive disagreements on the facts” of the case, and says it believes it treated the employee fairly.

3. Major banks struggle to ditch oil loans

Major banks including Goldman Sachs GS and Citigroup C have struggled to ditch loans they made to the energy companies, signaling investors’ jitters in a sector beaten down by low oil prices. The banks face tens of millions of dollars in losses on the loans they made to the energy companies last year, The Wall Street Journal reports. Beyond the pain felt by the banks, Wall Street’s losses could hurt the ability of oil companies to fund their operations as investors are more cautious about lending to the sector.

4. Nike poised to report another strong quarter

Nike, the world’s largest athletic gear maker, is poised to report a roughly 10% increase in both sales and profit for the company’s latest quarterly report as the company’s business is seen as robust worldwide. At home, the company and its competition are benefiting from the “athleisure” trend — athletic gear is being increasingly worn not only at the gym, but also for errands around town and as daily clothing not meant for athletic activities. That trend has lifted the entire sector, but also lured more competition. Analysts are warning investors to be mindful of the strength of the U.S. dollar, which has pressured many multinational corporations in the latest earnings cycle.

5. Electronics maker Sharp to cut 12% of workforce

Japan’s Sharp is expected to cut about 6,000 jobs in a global restructuring expected to cost the company more than $1.7 billion, according to a Reuters report. Half of those job losses would come through early retirement while the rest would be overseas, according to a person familiar with the matter. Sharp is on track for its third annual net loss in four years, as the company’s panel-making business has faced market pressure.

Target will pay $10 million to settle lawsuit from data breach

Target Corp has agreed to pay $10 million in a proposed settlement of a class-action lawsuit related to a huge 2013 data breach that consumers say compromised their personal financial information, court documents show.

Under the proposal, which requires federal court approval, Target will deposit the settlement amount into an interest bearing escrow account, to pay individual victims up to $10,000 in damages.

The claims will be submitted and processed primarily online through a dedicated website, according to the court documents.

The proposal also requires Target to adopt and implement data security measures such as appointing a chief information security officer and maintaining a written information security program.

“We are pleased to see the process moving forward and look forward to its resolution,” said Target spokeswoman Molly Snyder.

CBS News, which earlier reported the settlement, said a court hearing on the proposed settlement was set for Thursday in St. Paul, Minnesota.

Target has said at least 40 million credit cards were compromised in the breach during the 2013 holiday shopping season and may have resulted in the theft of as many as 110 million people’s personal information, such as email addresses and phone numbers.

A U.S. judge in December cleared the way for consumers to sue the retailer over the breach, rejecting Target’s argument that the consumers lacked standing to sue because they could not establish any injury.

Target is set to raise the starting salary of its workers to $9 an hour starting next month, following a similar move by rival Wal-Mart Stores WMT in what is one of the tightest labor markets in years.

Wal-Mart, which employes 1.3 million Americans said last month that it would raise the starting salary of its workers to $9 an hour in April, and $10 sometime in 2016, a move that would benefit about 500,000 workers. (Target employs about 347,000 people.) TJX Cos , the owner of the T.J. Maxx and Marshalls discount chains, followed suit soon after by saying it would raise its base wage to $9 an hour in June and to $10 next year.

These raises reflect a scarcer supply of workers and growing competition for them. Unemployment last month fell to 5.5%, its lowest level in nearly seven years.

“We make sure we’re competitive in every marketplace in which we do business,” Molly Snyder, a Target spokeswoman, told Fortune. “As part of that, we regularly and continually evaluate the marketplace to make sure our wages are competitive.”

Earlier this month, when Target CEO Brian Cornell and his executive team met with Wall Street analysts and reporters to lay out the discount chain’s multi-year growth plan, he dismissed the idea of an across-the-board pay increase for Target workers countrywide, saying such decisions were made on a market-by-market basis. While he did say that Target TGT was set to raise wages in stores, he pointed out that the retailer does so every year as a matter of course, depending on market demands. CFO John Mulligan told analysts earlier this month that any wage increase would not have a material impact on its financial results. Target has previously said that it pays more than the $7.25 federal minimum wage at all of its 1,800 stores.

How do Target and Walmart stack up in the e-commerce wars?

Target TGT and Wal-Mart Stores WMT were relative late-comers to e-commerce, each only getting serious about the channel in the last few years.

They paid a hefty price for that tardiness, losing market share to online retailers like Amazon.com AMZN and nimbler brick-and-mortar competitors. While they both still have a lot of catching up to do—each retailer gets about 3% of sales through digital commerce, compared to 6% of retail being online industrywide—they have made huge strides. In the most recent holiday quarter, digital sales at Target rose 40%, while those at Walmart jumped 18%.

Both companies will continue to pour a fortune into their e-commerce horsepower. Target last week said it would spend $1 billion this fiscal year on beefing up its digital capabilities—as much as it is spending on its 1,800 stores and expects e-commerce sales to rise 40%.

As for Walmart, CEO Doug McMillon said the holiday season performance was “solid, but not quite as strong as we wanted” (in the year-earlier quarter, e-commerce had grown 30% at Wal-Mart) and will redouble his company’s efforts on that front. Wal-Mart, whose U.S. sales are four times greater than Target’s, plans to spend about $2 billion on e-commerce this fiscal year. Both companies are also preparing for the next frontier in e-commerce, such as same-day delivery.

In a research note on Wednesday by Cowen & Co, analyst Oliver Chen and his team gave Target a slight edge over Wal-Mart thanks to its lead in mobile commerce (shopping and purchasing done via a smartphone) though he warned Wal-Mart was a strong competitor. (Wal-Mart, which gets more than half of its sales from grocery, is already testing grocery pickup for orders placed online. For Target, that will come later because it will spend the next year or so updating its food offerings, which currently generate one-fifth of sales. Food is one of the least underdeveloped areas for e-commerce.)

Earlier this month, Fortunedetailed the missteps Target has made in recent years that ultimately hurt its cachet and made it an e-commerce laggard. But Cowen’s survey of 2,500 customers at each chain showed how much goodwill there still is for Target, meaning a successful digital execution can be a boon. (Chen raised his price target for the company to $90 from $85 on the assumption Target will succeed.) The survey found 81% of Target customers are satisfied with the shopping experience there, compared to 71% at Walmart. But satisfaction among Target customers has slipped in recent years, most notably among consumers making more than $100,000, hence the focus on e-commerce.

Here is a closer look at Cowen’s findings:

Target:

– more and more people browsing online or on their phones are actually buying things now: “conversion,” as that phenomenon is known among retail nerds, rose 7.4 percentage points in February compared to a year earlier (though at 29.2%, it is below 35.8% at Walmart);

– Cartwheel, a market-leading coupon clipping app it launched in 2013, has generated $1 billion in sales and is seen as the leader in such apps—and most of the increase in Target’s online surge comes from mobile. Some 40% of all digital orders were placed via a mobile device.

– Target gets 80% of revenue from categories such as household goods and apparel, which lend themselves better to e-commerce than food does, meaning there is a lot of upside for online growth, particularly as it works to improve the stylishness of priority areas like clothes, beauty products and health items.

– Target plans to be able to use 350 stores by October to help fill online orders, and thereby speeding up delivery, compared to 136 now.

– Target is waiving shipping fees for any orders less than $25, something that will squeeze its profit margin, but also pressure Walmart and Amazon.

Walmart:

– Walmart US had 2014 online sales of about $12 billion, not that impressive in percentage terms, but certainly so in dollar terms.

– CEO Doug McMillon has made it a priority to widely expand the assortment at walmart.com to better compete with Amazon. The company this year will focus on doubling the number of items for sale to 10 million kinds of items (including variations by size and color).

– Walmart is planning to open four new facilities dedicated specifically to filling e-commerce orders.

– Walmart launched its Savings Catcher app only in August (allows comparison shopping), but it is growing quickly.

– Walmart has fewer stores equipped to help with shipping online orders than Target, but at 83 super centers, that’s double what it was two years ago.

– Walmart started allowing in-store pickup of online orders six years before Target did.

Target and the not so mysterious mystery of customer service failures

Target’s new CEO Brian Cornell recently made the radical decision to—gasp—make an unannounced appearance in one of his own stores with some actual Target customers.

The move, which Fortune’s Phil Wahba described in a recent feature on Target, gave me a profound sense of déjà vu. The previous CEO, Gregg Steinhafel, allowed a Potemkin Village-like circus to surround his state visits to the stores. Everyone up and down the management chain knew the chief was coming, the customers he would meet were all carefully chosen, and as Wahba observes, “About the only thing missing was a brass band playing, ‘Hail to the Chief.’”

This is a script that has played out over and over again, and somehow companies seem doomed to continue to relive it.

Here’s the basic plot. A terrific company becomes a leader in its market. The media lionize it, case studies are written about it, and it wins awards for things like innovation and customer service.

Then, somehow, without anyone being able to pinpoint when exactly, the formula stops working. Gradually, the numbers get softer and the adulation diminishes. The executive team at first attributes the slowdown to external conditions. Then there are a series of incremental stopgaps. Product variety is slashed. Cuts are made. Heads roll. Innovators abandon ship. Strategies are tried, then ditched. Sometimes, a horrific mistake leads to the ouster of the CEO (as in Target’s case, a brand-destroying data breach). Sometimes it’s a sense of things coming to a head. But the CEO leaves, someone new takes the role, and that someone new discovers, “oh my goodness—we have lost touch with our customers!”

In the next act of our play, our newly minted CEO sets about exploring what exactly it is that these customers are looking for, often by taking the controversial step of going and meeting with them one on one. It was such meetings that led Lou Gerstner at a rapidly sinking IBM to tell journalists that “the last thing this company needs is a vision.”

Alan Mulally famously arrived as the new CEO at the executive parking garage at Ford, itself months away from potential bankruptcy, to find no Ford-branded cars parked in the company’s employee parking lot!

Anne Mulcahy, facing a near-bankrupt Xerox, spent as much time as she could on the road. As she said, “When I became CEO, I spent the first 90 days on planes traveling to various offices and listening to anyone who had a perspective on what was wrong with the company. I think if you spend as much time listening as talking, that’s time well spent.”

Even once-highflying organizations, such as the U.K.’s Tesco, face the “lost touch” conundrum, with former CEO Terry Leahy blaming his successor for the retailer’s current problems, somehow overlooking the weakening of its British business and a disastrous foray into the U.S. Market, both of which occurred under Leahy’s watch. The answer, for Tesco, was to find yet another new CEO—nicknamed “Drastic Dave,” from Unilever—who has announced massive restructuring measures.

Gap Inc., once the darling of the “gap generation,” has been struggling for some time. As a 2012 New York Times article notes, Gap had “filled its stores with stuff that people didn’t want.” Apparently, the company is still figuring out what people want because—you guessed it—a new CEO took the reins just a few weeks ago, swearing to figure out what female customers are looking for.

Sometimes, it isn’t a new CEO that renews a company’s bonds with its customers, but a returning one. Steve Jobs, of course, at Apple, and Michael Dell at Dell are well-known examples of triumphant CEO returns. Charles Schwab returned to the company that bears his name after customers began to defect and he felt the culture had changed. Howard Schultz came back to Starbucks, dismayed at some of the decisions that he thought watered down the Starbucks experience. Myron “Mike” Ullman of J.C. Penney returned to try to right the ship after a disastrous attempt at a brand makeover by former Apple executive Ron Johnson. And A. G. Lafley returned to Procter & Gamble, only to find that a lot of the mantras that had made the company the success it was during his first tenure at the company had vanished. As an acquaintance told me, “he wondered where all the ‘customer is boss’ thinking had gone.”

Now, CEOs are very busy people, and it can seem like a poor use of their time to stand around in store aisles talking to customers without a particular agenda. When times are flush, it seems reasonable to treat ourselves to beautiful corner offices, decorate them with art, and spend time with our senior management teams. It’s hard to stay objective at those high altitudes. As a new CEO friend of mine said, “Oh, it’s great. My jokes are funnier, my decisions are wiser, and I think I’m even taller since taking the role.”

So, how can a CEO rewrite this script? As entrepreneur and colleague Steve Blank tells us, “there are no answers in the building.” Executives need to go out and hear from people outside their normal orbit. I’ll never forget a team meeting with the senior leaders of the Boots part of then-AllianceBoots. The meeting was on the 5th floor of a building with no elevator. At lunch time, we all trundled down the stairs to an AllianceBoots store to get sandwiches. Alex Gourlay, then the CEO of the group, dutifully went to the Boots sandwich display to collect his lunch and while in line got an earful from a customer who was displeased because they had run out of her favorite sandwich. That sparked a discussion among the group about how feedback like that could be incorporated into the retailer’s stocking decisions.

One CEO I know has a weekly breakfast with employees of different levels, randomly chosen, to get their perspective on the business without their superiors present. Others do as Target’s Cornell did and make visiting physical plants and locations part of their routine. Some, like Jeff Bezos of Amazon, routinely dip into the flow of customer comments and complaints. Some have an active social media presence in which they can exchange comments and ideas with customers. The basic lesson is an eternal one. Businesses achieve extraordinary results when they are in touch with their customers. They stumble when they lose sight of that fact.

Rita Gunther McGrath is a professor of business strategy at Columbia Business School

Cyber security: An afterthought for corporate America?

Maryland, where I live, requires its practicing Certified Public Accountants to attend an ethics class every other year. My turn came last October, and the instructor turned the subject to the ethics that surround hacked credit card accounts: When do hacked companies have a responsibility to inform their victimized customers and – next – how do they win back their trust? Before launching his discussion, the teacher asked the 60 attendees one question: In the past year, who among you has had to replace a credit card because of a security breach?

Every hand in the room went up. (Mine included.)

Maybe a lot of Maryland CPAs shop at Target TGT or Home Depot HD, but the unanimity surprised me nonetheless. It struck me that the problem of cyber security touches our lives more frequently than we care to think about – including when it comes to investments.

Cyber security, cyber crime, cyber threats – whatever label you chose – has grabbed an expanding parcel of 10-K real estate. Since late 2011, the Securities and Exchange Commission has urged companies to spell out the operational and financial risks posed by cyber-attacks in the risk factors section, and to converse with investors in the Management’s Discussion & Analysis (MD&A) section regarding any effects on operating results, liquidity or financial position. Yet investors often tag them as boilerplate disclosures to be shunned: the risk factors section occasionally contains fascinating corporate tidbits, but all too often they’re kitchen sink disclosures presented merely for legal prophylaxis, instead of for informing investors. The cyber-disclosures in the risk factors section usually fall into the kitchen sink category. Cyber-disclosures in the MD&A don’t generally command much more investor attention than those in the risk factors.

TargetTGT is an example of a company doing an excellent job in their disclosure of the effects of failed cyber security. They’ve recorded a probable liability stemming from their gigantic 2013 hack incident. Lawsuits and insurance recoveries have led to the development of numbers, the stuff of financial reporting. All of it is after the fact, however, and past events are also the stuff of financial reporting. The cost of Target’s legal exposure due to cyber security is certainly of interest to existing or potential investors, but investors in companies that haven’t been hacked should be wondering about other costs — namely, how is a company spending its resources before becoming the next Target? (Pun unintended.) Hardening the security around data might be the most important capital expenditures a company can make in a new age of cyber-threats, even if it’s not the kind of capital spending that increases earnings.

If companies are spending to improve cyber security, investors might expect to see increases in capitalized software reported in the balance sheet. Companies aren’t required to disclose the nature of their capitalized software, however. Even if there are noticeable increases in capitalized software, investors can’t be sure that they relate to improved data security. Any hardening costs that affect earnings might get rationalized in the quarterly earnings call, but it’s certainly not a trend.

Maybe investors aren’t yet interested in knowing the preventive costs of cyber security. After all, Sony’s SNE infamous November 2014 hack was so crippling that they have been unable to produce their December 2014 quarter-end financial statements, and don’t expect to do so until the end of this month. Investors don’t seem troubled by a lack of current financial information: the stock is up about 26% since the hack.

What, me worry?

Jack T. Ciesielski is president of R.G. Associates, Inc., an asset management and research firm in Baltimore that publishes The Analyst’s Accounting Observer, a research service for institutional investors.